Lab Minutes Forum
Technical Discussion => Security => Topic started by: dong on June 11, 2015, 01:36:02 AM
-
Hi all,
I have configured a VPN server on an ASA5512-X connected to Cisco ISE for authentication and authorization. But when I use the AnyConnect Mobility Client to connect to the ASA, I receive the following log and the VPN is not established.
3:00:31 PM Contacting 172.16.2.227.
3:00:44 PM User credentials entered.
3:00:44 PM Establishing VPN session...
3:00:44 PM The AnyConnect Downloader is performing update checks...
3:00:44 PM Checking for profile updates...
3:00:44 PM Checking for product updates...
3:00:49 PM Establishing VPN session...
3:00:49 PM Establishing VPN - Initiating connection...
3:00:49 PM VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established.
3:00:49 PM AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.
3:00:49 PM VPN session ended.
This is my configuration on the ASA:
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-4.0.02052-k9.pkg 1
 anyconnect enable
group-policy DfltGrpPolicy attributes
 dns-server value 172.16.6.2
 vpn-tunnel-protocol ikev1 ssl-client
 default-domain value abc.com
 split-dns value abc.com
group-policy vpn internal
group-policy vpn attributes
 wins-server value 172.16.6.2 172.16.6.10
 dns-server value 172.16.6.2 172.16.6.10
 vpn-tunnel-protocol ikev1 ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpn_Split
 default-domain value abc.com
group-policy vpnkdn internal
group-policy vpnkdn attributes
 wins-server value 172.16.6.2 172.16.6.10
 dns-server value 172.16.6.2 172.16.6.10
 vpn-tunnel-protocol ikev1 ikev2 ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value vpnkdn_Split
 default-domain value abc.com
 address-pools value MYPOOL
 webvpn
  anyconnect keep-installer installed
  anyconnect ask none default anyconnect
ip local pool MYPOOL 172.16.101.101-172.16.101.200 mask 255.255.255.0
aaa-server ISE protocol radius
aaa-server ISE (outside) host 172.16.6.193
 retry-interval 2
 key *****
 authentication-port 1812
 accounting-port 1813
 radius-common-pw *****
tunnel-group DefaultRAGroup general-attributes
 authentication-server-group ISE
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool MYPOOL
 authentication-server-group ISE
tunnel-group vpnkvt type remote-access
tunnel-group vpnkvt general-attributes
 address-pool MYPOOL
 authentication-server-group ISE LOCAL
 default-group-policy vpnkvt
tunnel-group vpnkvt webvpn-attributes
 group-alias KVT enable
When a user logs in to the web VPN, authentication is OK, but the AnyConnect Mobility Client can't establish the VPN.
Please help me fix the error.
Thanks
-
Hi all,
I was able to fix my problem; this guide helped me:
http://www.petenetlive.com/KB/Article/0000546.htm
-
Yep. By default you cannot connect to AnyConnect VPN from an RDP session. You need to allow it in the Client Profile via ASDM. Thank you for sharing.
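
The client profile setting behind the "VPN establishment capability from a remote desktop is disabled" log line can be checked directly in the profile XML. The following is an added example, not part of the original thread: a small Python audit of a profile's WindowsVPNEstablishment and WindowsLogonEnforcement elements. The sample profiles are constructed, and the fallback values used when an element is absent are assumed to be the client defaults.

```python
import xml.etree.ElementTree as ET

# Constructed sample profiles (not taken from the thread).
LOCAL_ONLY = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
    <WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment>
  </ClientInitialization>
</AnyConnectProfile>"""
REMOTE_OK = LOCAL_ONLY.replace("LocalUsersOnly", "AllowRemoteUsers")
NO_SETTING = '<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/"/>'

# Assumption: values the client uses when the element is absent.
DEFAULTS = {
    "WindowsVPNEstablishment": "LocalUsersOnly",
    "WindowsLogonEnforcement": "SingleLocalLogon",
}


def read_settings(profile_xml):
    """Return {element: (value, 'explicit' | 'default')} for the two settings."""
    root = ET.fromstring(profile_xml)
    settings = {name: (value, "default") for name, value in DEFAULTS.items()}
    for element in root.iter():
        name = element.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        text = (element.text or "").strip()
        if name in DEFAULTS and text:
            settings[name] = (text, "explicit")
    return settings


def audit(profile_xml):
    """Summarise whether a user logged on over RDP may start the tunnel."""
    settings = read_settings(profile_xml)
    value, source = settings["WindowsVPNEstablishment"]
    return {
        "rdp_allowed": value == "AllowRemoteUsers",
        "establishment": value,
        "establishment_source": source,
        "logon_enforcement": settings["WindowsLogonEnforcement"][0],
    }


if __name__ == "__main__":
    for label, xml in [("local only", LOCAL_ONLY), ("remote ok", REMOTE_OK),
                       ("no setting", NO_SETTING)]:
        print(label, audit(xml))
```

To audit a real profile, pass the contents of the XML file to `audit()`; the profile only takes effect for users whose group-policy references it with `anyconnect profiles value`.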
-
Not sure what I am doing wrong, but I tried the suggested solution last year to no avail.
132 -rwx 2137 23:52:56 Sep 23 2014 RA-SSL-Profile.xml
group-policy AnyConnect-GROUP internal
group-policy AnyConnect-GROUP attributes
 dns-server value x.x.x.x
 vpn-simultaneous-logins 1
 vpn-idle-timeout 1440
 vpn-filter value VPN_RESTRICT
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_Split_Tunnel
 webvpn
  anyconnect modules value dart
  anyconnect profiles value RA-SSL-Profile type user
-
Please disregard as it is working. Not sure why it didn't work before.